Even if you are lucky enough to have access to your server's php.ini file where you can harden many of your server features against attacks, there are many vectors of attack, so having multiple layers of protection is the smart thing to do. Also some people can only afford shared hosting, and...